HBGary Federal's Anonymous-hunting CEO didn't know how right he was.

When HBGary Federal CEO Aaron Barr decided to out the leaders of Anonymous, the loose hacker collective, he spent months infiltrating the group under the name "Coganon." By the end of it he had identified three people who appeared to wield the most influence in the group. One of them was "Commander X," the 50-something hacktivist who jumped bail and fled to Canada to avoid federal hacking charges.

Barr's name has long been a punchline among the Anonymous crowd, synonymous with "getting it wrong." When several members of Anonymous broke into HBGary Federal computers in retaliation and stole Barr's e-mail spool, they released it to the world. They told anyone who would listen that Barr's project was so wrong as to be laughable rather than dangerous to them.

Take Commander X. Barr identified the man behind the mask as one Benjamin Spock de Vries of San Francisco, but de Vries quickly told any journalist who would listen that he had nothing to do with the Commander X persona (he sent me several e-mails as well, hoping to get the matter cleared up, as he said it was causing him a good deal of anxiety).

Barr was wrong: Commander X was in fact the homeless hacktivist Christopher Doyon. But one odd sidelight of traveling to Canada to talk with Doyon was learning more about how Barr worked, and about how he had, in fact, correctly IDed Doyon as "Commander X."

Top three!

In the end, Barr determined that three people were most important. A figure called Q was the "founder and runs the IRC. He is indeed in California, as are many of the senior leadership of the group." Another person called Owen is "almost a co-founder, lives in NY with family that are also active in the group, including slenaid and rabbit (nicks)." Finally, Commander X can "manage some significant firepower." Barr believed he had matched real names to each of these three individuals.

"They think I have nothing but a hierarchy based on IRC aliases!" Barr wrote in one of his e-mails. "As 1337 [leet] as these guys are suppsed [sic] to be they don't get it. I have pwned them! :)"

By the time the list became public, Anons were trashing it. "Please note that the names in that file belong to innocent random people on facebook. none of which are related to us at all," said one leading Anon in an IRC chat with an HBGary official.

When Anonymous defaced the HBGary Federal website, the hackers made the same point. "You think you've gathered full names and addresses of the 'higher-ups' of Anonymous?" said their note. "You haven't. You think Anonymous has a founder and various co-founders? False…. We laughed. Most of the information you've 'extracted' is publicly available via our IRC networks. The personal details of Anonymous 'members' you think you've acquired are, quite simply, nonsense."

But Barr's method had not been nuts—especially with Commander X. Indeed, his technique here was ridiculously obvious. After seeing the Commander X persona talk repeatedly about being a Supreme Commander in the "People's Liberation Front" (PLF), Barr had simply run a WHOIS lookup on the PLF website.

He got two things as a result. First, a name—Christopher Doyon. Second, an address for a location on Haight Street in San Francisco. Soon after doing this, Barr's "Coganon" persona went to Commander X and told him that it wasn't smart of Doyon to use his real name on the PLF registration.
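The lookup Barr ran is the kind of check anyone registering a domain under an alias should run against their own domains first. The script below is an added example, not code from the article or from HBGary: it sends a raw WHOIS query (RFC 3912, one line over TCP port 43), parses the "Key: value" reply, and flags registrant fields that carry a person's name, street or e-mail instead of a privacy/proxy service. The WHOIS server name is passed in by the caller, the list of privacy-service markers is an assumption of this example, and the two embedded records are constructed for the demonstration rather than real registry output.

```python
"""Audit a domain's WHOIS record for registrant identity leakage.

Added example (not from the article). The article says Barr simply ran a WHOIS
lookup on the PLF domain and got back a registrant name and a street address;
this turns that lookup around into a self-audit.
"""
import re
import socket

# Assumed markers of a proxy/privacy registration; extend for your registrar.
PRIVACY_MARKERS = ("privacy", "proxy", "redacted", "whoisguard", "withheld")

# Registrant fields that identify a person when no proxy service is used.
REGISTRANT_FIELDS = (
    "Registrant Name", "Registrant Organization", "Registrant Street",
    "Registrant City", "Registrant Phone", "Registrant Email",
)

_FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /_-]*?):\s*(\S.*?)\s*$")


def fetch_whois(query, server, port=43, timeout=10.0):
    """Send one WHOIS query (query text + CRLF over TCP/43) and return the reply.

    Needs network access. Registrant contact fields live on the registrar's
    WHOIS server, so pass that server rather than the registry's thin one.
    """
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Parse 'Key: value' lines into {key: [values]}; keys may repeat."""
    fields = {}
    for line in text.splitlines():
        m = _FIELD_RE.match(line)
        if m:
            fields.setdefault(m.group(1).strip(), []).append(m.group(2))
    return fields


def is_privacy_protected(value):
    """True if the value looks like a proxy service rather than a person."""
    lowered = value.lower()
    return any(marker in lowered for marker in PRIVACY_MARKERS)


def audit_registrant(fields):
    """Return (field, value) pairs that expose real registrant data."""
    exposed = []
    for key in REGISTRANT_FIELDS:
        for value in fields.get(key, []):
            if not is_privacy_protected(value):
                exposed.append((key, value))
    return exposed


def audit_record(text):
    return audit_registrant(parse_whois(text))


# Constructed sample records (not real WHOIS output).
# The first is what a registration like the one in the article looks like.
EXPOSED_RECORD = """\
Domain Name: EXAMPLE-PLF.TEST
Registrar: Example Registrar, Inc.
Registrar URL: http://www.example-registrar.test
Updated Date: 2011-01-05T00:00:00Z
Registrant Name: Jane Sample
Registrant Street: 1 Example Street
Registrant City: San Francisco
Registrant Email: jane.sample@example.test
Name Server: NS1.EXAMPLE.TEST
"""

# The same domain registered through a privacy service: nothing to flag.
PROTECTED_RECORD = """\
Domain Name: EXAMPLE-PLF.TEST
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Privacy Service LLC
Registrant Street: REDACTED FOR PRIVACY
Registrant Email: contact@example-privacy-service.test
Name Server: NS1.EXAMPLE.TEST
"""


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: script.py <domain> <whois-server>
        exposed = audit_record(fetch_whois(sys.argv[1], sys.argv[2]))
    else:
        exposed = audit_record(EXPOSED_RECORD)
    for key, value in exposed:
        print(f"EXPOSED {key}: {value}")
```

Run it against a constructed record with no arguments, or against a live domain by naming the registrar's WHOIS server. A match on the marker list is only a heuristic; a registrant organization can be a real company, so review anything the script does not flag as well.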

"I never knew that he was Aaron Barr until afterwards," Doyon told me, but he wasn't keen on being outed by anyone. Correctly assuming that his interlocutor was trying to verify this information, rather than truly knowing it, Doyon responded that he had used a bogus name for the registration—"Christopher Doyon" had been a joke.

"He had my real name and didn't fucking use it!" Doyon says now with obvious glee.

Barr apparently believed Doyon's denials, because the leaked document says clearly, "Commander X is Benjamin Spock de Vries." It's hard to be sure, though. The version of Barr's notes found in his e-mail spool was an early draft; as such, later versions kept on Barr's computer might have had more accurate information. Doyon believes that Barr instead followed up on the bogus address, which just happened to be linked to de Vries, and then convinced himself of a linkage that didn't exist in reality.

I've made a huge mistake

In any event, the takeaway is clear: no one involved in this little drama comes off as an undercover mastermind. Barr's story is now well-known, but what about Doyon, who claims to abide by security protocols so rigorous it takes him 20 minutes to start up his laptop each day? When we met, I asked him how he could possibly have put his own real name on the PLF domain name registration form when he was trying to stay hidden. "I don't know," he said. "I was stupid."

The reason Barr thought de Vries was the elusive X? Because de Vries is the founder and admin of a Facebook Group called Global Strike 2011, which appears to be popular with the Anons. That, or many of its members are just particularly enamored of Guy Fawkes masks and wicked cool handles like Anarcho Femmina and Anonomous AnonopsEsp (then again, who isn't?).

Fun followup to yesterday's tale. Stupid indeed, I've long wondered without looking into whether there are any ramifications for using fake info for domain registration.

Early on, when Anonymous became news, the notion of some elite hacker gang running roughshod over the internets seemed intriguing, concerning even, but Doyon seems just like the hackers I knew a decade ago, paranoid pot-heads who weren't afraid of screwing things up by playing with stuff they found on hackerhideout or wherever. Script kiddies. The most capable guys I knew were the least likely to pull the trigger, probably because they had something to lose. I don't doubt that there are some capable people that associate with Anon, but in general their disruptions are pretty minor and random, so who cares?

I'm wondering about this series of articles about Anonymous we're seeing. I'm finding them uninteresting, devoid of substance, actually of anything to catch my imagination or my fancy.

I don't have much interest in cyber-vandals, though I sometimes find their shenanigans rather funny. I don't think they're having any kind of impact though, apart from strengthening anti-hacking legislation.

My question is: What's the point of this series? Share the plight of a fugitive? Of a pursuer? Is there a lesson we're supposed to get from those?


I found both articles fascinating in that they illuminated the true story and mindset of at least one Anon member. Real life. There's been endless speculation about this group and I find it informative to read something that's actually been researched, and that's based on facts and first person interaction, rather than guesswork colored by the perspective of whoever wrote it.

On the other hand, the first article was long enough that I never would have finished it if I felt as you do. I'm a big fan of Ars, but I don't think that requires me to read every word written here.


Because those stories generated really massive interest at the time--even operations like The Colbert Report were talking about our articles--and I'm just filling in one little further bit of the story that I learned while reporting that major feature. And I think you're overstating the case for a big "series of articles." There have been two, and the one comes directly out of the other.


DDoS is pretty lame and extremely low tech.

But, these guys, subgroups of them anyway, did actually do some serious hacking here and there. And Doyon was a perfect spokesperson. He was very good at living on the run.

Wait, the guy is a homeless activist? Where does he get the money for all the hardware and software? How does he pay for his internet connection bills? Does he have a money-making business on the side? Or does he live on "federal grants"?

His day-to-day expenses are from panhandling (first article). By planning ahead he can also pay his equipment expenses by panhandling (good locations can easily pay $60+ per hour).

His internet connections are covered in the first article. Coffee shops, McDonalds and other free WiFi providers.

Are you retarded? He's a wanted fugitive--so it's likely that the only kind of support Uncle Sam would give him is a 6x6 cell in FPMITA prison.

Disparaging comments about federal grants are generally made by people who think government money grows on trees, and is rather easy to pluck. Grant funding is incredibly hard to get, even for those working on interesting, useful things. Generally the implicit assumption is that the commenter would never engage in such activity because they're too John Galt-y or some other retarded bullshit.

Here's the answer to your question, from the first article:

Quote:

But on the run in Canada, Doyon's lifestyle is anything but pretentious. After smoking a cigarette to calm down from the stress of our initial meeting, Doyon takes me into the woods to show me an old campsite he built when he first arrived in the city where we meet. It looks like a skeletal beaver dam, interlocking sticks that form a support for a tarp at night. Returning to a sunlit clearing, he points to an abandoned warehouse where he can sneak inside to bed down in cold weather. The property's security guard does nothing more than pull up in his car once a night before driving away and the building still has power for charging Doyon's laptop each night. But it's hardly the sort of place most people would choose to live.

Each morning, Doyon panhandles for cash until he reaches the $15 he needs. He subsists on coffee and cigarettes to make it through each day, then orders a large meal from McDonald's each night. For 10 hours or more a day, he is online from places like the local Tim Horton's donut shop.

"Just setting up my computer so I can begin work is a 20 minute process due to the extreme security measures I use to avoid being tracked online," he says. "All of my communications channels such as my many e-mail accounts, Twitter, Skype, and IRC, etc. need to be painstakingly opened based upon a rigid security protocol."

When we met, I asked him how he could possibly have put his own real name on the PLF domain name registration form when he was trying to stay hidden. "I don't know," [Doyon] said. "I was stupid."

The likely real reason he did that was to save money on the domain registration. The privacy services usually cost significantly more, and Doyon was not in a position to squander money. Sure, he could try to provide false information to the registrar, but then he faces revocation of the domain and probable banishment from that registrar if his fraud is discovered.


Because a whole shitload of people find it interesting.

Not everything's a Disney movie.

Psst! Bambi's mom gets it in the end.

The real takeaway which really should be obvious, but you'd be surprised how many get caught by it, is that even smart people make dumb mistakes. Technology isn't going to fix that.

His 20-minute routine is laughable... If he had any moderate technical skills he would have automated this at some point. I wonder what kind of cargo cult stuff he's doing every time...

If it was automated, then anyone who seized his computer would have access to that automated routine as well, which would probably defeat the purpose.

There's a few simple things he could possibly do to prevent this type of problem:

- encrypted disk makes it impossible once powered off
- pop the battery out and run from cord. have the cord under foot so if pulled away the computer pops off.
- auto shutdown when lid is closed. if i'm working, then i'm not taking a break.
- encrypt the bash file that contains the automated setup, and only decrypt in memory to run
- store segments of the automation on each server you're running through, and use a randomized connector to choose a random path through the servers when establishing a connection

I'm just spitballing here, but still seems like he should be able to automate the connection process.

Some of the most effective weapons in history used by terrorists aren't high tech. See underwear and shoe bombers as perfect examples. Sometimes providing simple tools to followers who can easily use them is the best method of attack. <---not advocating any of the BS anon has done. Just taking note.


Yup I know a guy a lot like this except for panhandling he does techie odd-jobs. The only time he asks for help is when he has a catastrophic hardware failure.